CVE-2025-23023

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions prior to the latest version

Description Discourse is an open source platform for community discussion. In affected versions, an attacker can carefully craft a request with the right request headers to poison the anonymous cache, which may have a response with missing preloaded data. This issue only affects anonymous visitors of the site.

Recommendations For versions prior to the latest version, users are advised to upgrade to the latest version of Discourse to resolve the issue. As a temporary workaround for users unable to upgrade, consider disabling anonymous cache by setting the DISCOURSE DISABLE ANON CACHE environment variable to a non-empty value.

Exploit

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

BIT-DISCOURSE-2025-23023

CVE-2025-23023

GHSA-5H4H-2F46-R3C7

Affected Products

Discourse

CVE-2025-23023

Weakness Enumeration

Related Identifiers

Affected Products

References · 9